Outpatient Anesthesia Solutions

noBgColor
Menu

Privacy Statement

Privacy Policy for OAStaff.com

Last updated: March 5,2026

At OAStaff, accessible from https://oastaff.com, we are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to your data. This link is for our Privacy Practice 

1. Information We Collect

We collect personal information that you voluntarily provide when you:

  • Submit a job application or contact form

  • Request information about our services

  • Communicate with us by email or phone

This may include:

  • Full name

  • Email address

  • Phone number

  • Resume and employment history

  • IP address and browser information

2. How We Use Your Information

We use the information collected to:

  • Respond to your inquiries and job applications

  • Provide employment and staffing services

  • Improve the performance and security of our website

  • Comply with applicable legal obligations

We do not sell or rent your personal data to third parties.

3. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

  • Analyze website traffic and usage (e.g., via Google Analytics)

  • Ensure compliance with privacy regulations (via tools like Complianz)

  • Improve your browsing experience

You can manage or withdraw your consent to cookies at any time by clicking [here] (insert Complianz shortcode:

).

4. Sharing Your Information

We may share limited personal information with third-party providers that help us operate our website and business. These partners are contractually required to keep your information confidential and secure.

5. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or to comply with legal requirements. You may request deletion of your data at any time.

6. Your Privacy Rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal data

  • Object to or restrict how your data is processed

  • Withdraw consent for data collection

To exercise these rights, please contact us directly using the information below.

7. Contact Information

If you have any questions or wish to make a privacy-related request, contact us:

OAStaff
📮 PO Box 773396, Detroit, MI 48277
📞 727-203-5114
📧 info@OAStaff.com
🕒 Monday – Friday, 8:00 a.m. – 5:00 p.m.

8. Changes to This Policy

We may update this Privacy Policy as needed to stay compliant with relevant laws and best practices. Updates will be posted to this page with the revised date.

NOTICE OF PRIVACY PRACTICES

Outpatient Anesthesia Solutions

901 34th ave n #7266 st petersburg fl 33734
 www.oastaff.com

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

THIS NOTICE ALSO DESCRIBES HOW INFORMATION ABOUT YOUR SUBSTANCE USE DISORDER TREATMENT MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW THIS NOTICE CAREFULLY.

YOUR RIGHTS  •  OUR USES AND DISCLOSURES  •  YOUR CHOICES  •  OUR RESPONSIBILITIES  •  HOW TO FILE A COMPLAINT CONCERNING A VIOLATION OF THE PRIVACY OR SECURITY OF YOUR HEALTH INFORMATION, OR OF YOUR RIGHTS CONCERNING YOUR INFORMATION

Effective Date: This Notice is effective as of February 16, 2026. This Notice replaces all prior versions of our Notice of Privacy Practices.

Outpatient anesthesia solutions (“we,” “our,” or “us”) includes all health care practitioners, clinical staff, and administrative personnel providing services at or on behalf of our practice. This Notice applies to all health care services provided at our locations, including primary care, specialty care, behavioral health, substance use disorder treatment, laboratory services, and all other clinical services.

We are required by applicable federal and state law to maintain the privacy of your protected health information (“PHI”), to provide you with this Notice of our legal duties and privacy practices with respect to your PHI, and to abide by the terms of this Notice. We are also a Part 2 Program as defined under 42 CFR Part 2, and this Notice incorporates and satisfies both the HIPAA Notice of Privacy Practices requirements under 45 CFR 164.520 and the Part 2 Patient Notice requirements under 42 CFR § 2.22.

In addition to federal law, the State of Florida provides important privacy protections for your health care information. Florida’s constitutional right to privacy (Article I, Section 23, Florida Constitution) provides broad protections that extend to medical records. Additional protections are provided under Florida’s health care practitioner records law (§ 456.057, F.S.), the Florida Mental Health Act (Baker Act, Chapter 394, F.S.), the Hal S. Marchman Alcohol and Other Drug Services Act (Marchman Act, Chapter 397, F.S.), Florida’s HIV testing law (§ 381.004, F.S.), Florida’s STD confidentiality law (§ 384.29, F.S.), and the Florida Information Protection Act (§ 501.171, F.S.). Where Florida law provides greater protections than federal law, we comply with the stricter Florida requirements.

I. Special Protections for Substance Use Disorder (SUD) Records

If you receive services for a substance use disorder (“SUD”), your SUD treatment records are protected by federal law under 42 CFR Part 2, in addition to HIPAA, and by Florida’s Marchman Act (Chapter 397, F.S.). These layered protections exist because fear of discrimination or legal consequences can deter individuals from seeking treatment for substance use disorders.

42 CFR Part 2 Protections

  • Written Consent Required for Most Disclosures. In general, your SUD records may not be disclosed without your specific written consent, except in limited circumstances permitted by law (described below). You may provide a single consent authorizing the use and disclosure of your SUD records for purposes of treatment, payment, and health care operations (“TPO”).
  • Prohibition on Use in Legal Proceedings. Your SUD records, or testimony relaying the content of such records, shall not be used or disclosed in any civil, criminal, administrative, or legislative proceeding against you unless based on your specific written consent or a qualifying court order. A court order authorizing such use or disclosure must be accompanied by a subpoena or other similar legal mandate compelling disclosure.
  • Redisclosure. Once we disclose your SUD records to another HIPAA covered entity or business associate based on your TPO consent, that entity may further use and disclose the records in accordance with HIPAA for treatment, payment, and health care operations. However, the prohibition on use of your SUD records in legal proceedings against you continues to apply to all recipients.
  • SUD Counseling Notes. If a provider maintains SUD counseling notes—which are notes analyzing the contents of a conversation during an SUD counseling session and maintained separately from the rest of your medical record—those notes require a separate, specific written consent for use or disclosure and cannot be disclosed based on a general TPO consent.

Florida Law – Marchman Act Confidentiality (§ 397.501, F.S.)

Under the Hal S. Marchman Alcohol and Other Drug Services Act, records of substance abuse service providers pertaining to your identity, diagnosis, prognosis, and the services provided to you are confidential and exempt from Florida’s public records law. These records may not be disclosed without your written consent except in limited circumstances, including:

•  To medical personnel in a medical emergency

•  To service provider personnel who need the information to carry out treatment duties

•  For scientific research (with written agreement to protect identifying information)

•  For audit or program evaluation by government agencies or third-party payers

•  Upon court order based on a showing of good cause (a court order alone authorizes but does not compel disclosure; a subpoena must also be issued to compel production)

When a minor alone consents to substance use services under the Marchman Act, any disclosure of identifying information to the parent, legal guardian, or custodian for the purpose of obtaining financial reimbursement requires the minor’s written consent.

Disclosures of SUD Records Permitted Without Your Consent

In limited circumstances, your SUD records may be used or disclosed without your written consent, including:

  • To medical personnel in a medical emergency
  • For internal communications within our practice for treatment purposes
  • To qualified service organizations performing services for us
  • For research, audit, or program evaluation (with appropriate safeguards)
  • To report suspected child abuse or neglect as required by law
  • As required by a court order meeting the requirements of 42 CFR Part 2
  • De-identified information disclosed to public health authorities
  • To prevent a crime or threat on program premises or against program personnel

II. How We Use and Disclose Your Health Information

The following describes the ways we may use and disclose your PHI. Not every use or disclosure is listed, but all uses and disclosures fall within one of the categories described.

A. Uses and Disclosures for Treatment, Payment, and Health Care Operations

  • Treatment. We may use your PHI to provide, coordinate, or manage your health care and related services. This includes sharing your PHI with other health care providers involved in your care, such as specialists, hospitals, therapists, pharmacists, or laboratories. For example, if we refer you to a specialist, we may share relevant portions of your medical record so that the specialist can provide appropriate care. “For example, if we refer you to a specialist, we may share relevant portions of your medical record so that the specialist can provide appropriate care.”  
  • Payment. We may use and disclose your PHI to bill and collect payment for the treatment and services we provide. This may include providing information to your health insurance plan, Medicare, Medicaid, or other third-party payers. “For example, we may send your health plan information about a service you received so your health plan can pay us or reimburse you for the service.”
    • Health Care Operations. We may use and disclose your PHI for our health care operations, which include quality assessment, employee review, training programs, accreditation, certification, licensing activities, compliance activities, business planning, and other administrative functions. “For example, we may use your medical records to evaluate the quality and competence of our health care providers and staff.”
  • Electronic Health Information Exchange Through a Health Information Exchange (HIE)
    • We participate in one or more health information exchanges (“HIEs”) to facilitate the secure electronic sharing of your health information among authorized health care providers and other covered entities. An HIE is an electronic network that allows health care providers, health plans, and other authorized entities to access and share your medical information for purposes of treatment, payment, and health care operations, subject to applicable federal and state law.
  • [Name of HIE or multiple HIEs] include a brief description of the HIE.
    • Through our participation in the HIE, your PHI may be used and disclosed as follows:
    • Treatment. Your health information may be made available through the HIE to other health care providers who are involved in your care. For example, if you visit an emergency room at a participating hospital, the emergency room physicians may electronically access your medical history, current medications, allergies, and recent test results through the HIE so that they can provide you with safe and effective care.
    • Payment. Your health information may be shared through the HIE to facilitate billing and payment for services you receive. For example, your health plan may access information about a service you received through the HIE to verify and process a claim for payment.
    • Health Care Operations. Your health information may be used through the HIE for quality assessment, care coordination, and other health care operations. For example, the HIE may be used to help coordinate your care by making your records available to members of your care team across different provider organizations.
    • SUD Records and the HIE. If you receive services for a substance use disorder (“SUD”), your SUD treatment records will not be shared through the HIE without your specific written consent as required by 42 CFR Part 2. If you provide a written consent for disclosure of your SUD records for treatment, payment, and health care operations, those records may be made available through the HIE to the extent permitted by your consent and applicable law. The prohibition on use of SUD records in legal proceedings against you continues to apply to any recipient who accesses your SUD records through the HIE.
    • You have the right to request that we restrict the sharing of your PHI through the HIE. To request a restriction, please submit your request in writing to our Privacy Officer. While we are not generally required to agree to your request (except as described in Section III of this Notice regarding out-of-pocket payments), we will carefully consider all requests.
    • [If applicable, describe any opt-in or opt-out process the HIE or your practice offers:]
    • [Describe HIE opt-out/opt-in process, e.g., “You may opt out of having your information shared through [HIE Name] by completing an opt-out form available from our Privacy Officer or by contacting [HIE Name] directly at [HIE phone/website]. If you opt out, your information will not be available to other providers through the HIE, which may affect the coordination of your care.”]
  • Florida Law — Health Information Exchange and Practitioner Confidentiality (§ 456.057, F.S.)
  • Under Florida law, information disclosed to a health care practitioner by a patient in the course of care and treatment is confidential. When your PHI is shared through an HIE, all recipients remain bound by Florida’s practitioner-patient confidentiality requirements and may not further disclose your information without your written authorization or as otherwise permitted by law. Additionally, any third party receiving your information through the HIE is prohibited from further disclosing your medical record information without your express written consent (§ 456.057(11), F.S.).
  • Florida’s heightened protections for HIV test results (§ 381.004, F.S.), sexually transmitted disease records (§ 384.29, F.S.), Baker Act clinical records (§ 394.4615, F.S.), and Marchman Act substance abuse records (§ 397.501, F.S.) continue to apply to information shared through an HIE. These categories of information will not be shared through the HIE except as expressly permitted under the applicable Florida statute.

 

  • Other Electronic Exchanges of Your Health Information
  • In addition to any HIE described above, we may use and disclose your PHI through other electronic means in the course of providing your care and operating our practice. These electronic exchanges are subject to the same privacy protections described throughout this Notice and are conducted in compliance with applicable federal and state law, including the HIPAA Security Rule.
  • Patient Portal. We offer a patient portal that allows you to securely access your health information electronically, including [describe available features, e.g., medical records, test results, appointment scheduling, prescription refill requests, and secure messaging with your care team]. Information made available through the patient portal is subject to the protections described in this Notice. 
  • Electronic Health Record (EHR) System. We maintain your medical records in an electronic health record system. Our EHR system [is / is not] certified under the Office of the National Coordinator for Health Information Technology (ONC) Health IT Certification Program. Your health information stored in our EHR system may be electronically transmitted to other providers involved in your care, to health plans for payment purposes, and for other uses and disclosures described in this Notice.
  • Electronic Prescribing. We may transmit your prescriptions electronically to your pharmacy. Electronic prescribing allows us to send accurate, legible prescriptions directly to your pharmacy and to check for potential drug interactions, allergies, and formulary information.
  • Telehealth and Telemedicine Services. We [offer / may offer] telehealth or telemedicine services that allow you to receive health care services remotely through secure audio, video, or other electronic communications. When you receive telehealth services, your PHI may be transmitted electronically and may be documented in your medical record in the same manner as an in-person visit. Telehealth sessions [are / are not] recorded. If recorded, the recording becomes part of your medical record and is subject to the same protections.]
  • Secure Messaging and Electronic Communications. We may communicate with you electronically through secure patient portal messaging, encrypted email, or text message notifications. If you consent to receive electronic communications from us, please be aware that standard (unencrypted) email and text messages may not be fully secure. You may request that we communicate with you only by certain means or at certain locations by exercising your right to request confidential communications as described in Section III of this Notice.
  • Third-Party Health Applications and APIs. Under federal law, you have the right to direct us to transmit an electronic copy of your PHI to a third-party application of your choice. If you request that we send your information to a third-party application, please be aware that once your PHI has been transmitted to the application at your direction, it may no longer be protected by HIPAA, and we are not responsible for the privacy or security practices of the third-party application. We encourage you to review the privacy policies of any application before directing us to share your health information with it.

 

  • Electronic Exchange Arrangements specific to your practice:

None

  • Florida Law — Electronic Communications and Data Security (§ 501.171, F.S.; § 456.057, F.S.)
  • Under the Florida Information Protection Act (§ 501.171, F.S.), we are required to take reasonable measures to protect and secure your personal information, including health information, in electronic form. If a breach of your electronic health information occurs, Florida law requires us to notify you within 30 days of determining that a breach has occurred, which is stricter than the federal 60-day notification requirement under HIPAA.
  • Florida law (§ 456.057(10), F.S.) requires us to develop and implement policies, standards, and procedures to protect the confidentiality and security of medical records maintained in electronic format, and to train our employees in these policies. The confidentiality protections under Florida law apply equally to health information maintained or transmitted electronically as to information maintained in paper form.
  • Under Florida’s constitutional right to privacy (Article I, Section 23, Florida Constitution), your health information—whether maintained in paper or electronic form—is afforded broad privacy protection. We are committed to maintaining the security of your electronically stored and transmitted health information in compliance with all applicable federal and state requirements.

Florida Law – Practitioner-Patient Confidentiality (§ 456.057, F.S.)

Under Florida law, information disclosed to a health care practitioner by a patient in the course of care and treatment is confidential and may be disclosed only to other health care practitioners and providers involved in the care or treatment of the patient, or if permitted by the patient’s written authorization. Medical records may not be furnished to, and the medical condition of a patient may not be discussed with, any person other than the patient, the patient’s legal representative, or other health care practitioners and providers involved in the patient’s care or treatment, except upon written authorization of the patient. Florida law provides no exception for disclosure to insurance companies for payment or to law enforcement without patient authorization or subpoena.

B. Uses and Disclosures Permitted or Required Without Your Authorization

We may use or disclose your PHI without your authorization in the following circumstances:

  • As Required by Law. We will disclose your PHI when required to do so by applicable federal, state, or local law.
  • Public Health Activities. We may disclose your PHI for public health activities, such as preventing or controlling disease, injury, or disability; reporting births and deaths; reporting child abuse or neglect; reporting reactions to medications or products; and notifying people of recalls.
  • Victims of Abuse, Neglect, or Domestic Violence. We may disclose your PHI to a government authority if we reasonably believe you are a victim of abuse, neglect, or domestic violence, and you agree to the disclosure or the disclosure is required or authorized by law.
  • Health Oversight Activities. We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, and licensure actions, including the Florida Department of Health and applicable professional boards.
  • Judicial and Administrative Proceedings. Under Florida law (§ 456.057(7)(a)(3), F.S.), medical records may be furnished in any civil or criminal action upon the issuance of a subpoena from a court of competent jurisdiction, provided proper notice is given to the patient or the patient’s legal representative by the party seeking the records. Note: SUD records and Baker Act records have additional protections as described in this Notice.
  • Law Enforcement Purposes. We may disclose your PHI to law enforcement officials for limited purposes, including reporting certain types of wounds and physical injuries; locating or identifying a suspect, fugitive, material witness, or missing person; and complying with a court order, warrant, or similar process. SUD records may not be disclosed to law enforcement except as permitted under 42 CFR Part 2.
  • Coroners, Medical Examiners, and Funeral Directors. We may disclose your PHI to a coroner, medical examiner, or funeral director so that they can carry out their duties.
  • Research. Under certain circumstances, we may use and disclose your PHI for research purposes, provided an institutional review board or privacy board has reviewed the research proposal and established protocols to ensure the privacy of your information.
  • To Avert Serious Threat to Health or Safety. We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or that of another person or the public.

Florida Law – Duty to Warn (§ 456.059, F.S.)

Under Florida law, a psychiatrist may, without the patient’s consent, disclose information to prevent or lessen a serious and imminent threat of harm if: (1) the patient communicates a specific threat of imminent harm to an identifiable victim; (2) the treating psychiatrist makes a clinical judgment that the patient has the apparent capability to commit the act; and (3) the psychiatrist determines it is more likely than not that the patient will carry out the threat in the near future.

  • Military and Veterans. If you are a member of the armed forces, we may disclose your PHI as required by military command authorities.
  • Workers’ Compensation. We may disclose your PHI as authorized by, and to the extent necessary to comply with, workers’ compensation laws or similar programs.
  • Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your PHI to the institution or official in certain circumstances.
  • National Security and Intelligence Activities. We may disclose your PHI to authorized federal officials for intelligence, counter-intelligence, and other national security activities authorized by law.
  • Protective Services for the President. We may disclose your PHI to authorized federal officials to provide protection to the President, other authorized persons, or foreign heads of state.
  • Secretary of HHS. We may disclose your PHI to the Secretary of HHS when required for investigation or determination of our compliance with privacy laws.
  • Department of Children and Families. Under Florida law (§ 456.057(7)(a)(6), F.S.), we may disclose your PHI to the Department of Children and Families, its agent, or its contracted entity for the purpose of investigations of, or services for, cases of abuse, neglect, or exploitation of children or vulnerable adults.

C. Uses and Disclosures Requiring Your Authorization or Providing You a Choice

Situations Where We Will Ask for Your Written Authorization

Other uses and disclosures of your PHI not covered by this Notice or by applicable law will be made only with your written authorization. These include:

  • Uses and disclosures of psychotherapy notes (Only to other therapists)
  • Uses and disclosures of SUD counseling notes (requires separate specific consent)
  • Uses and disclosures for marketing purposes
  • Disclosures that constitute a sale of PHI
  • Other uses or disclosures not described in this Notice

You may revoke an authorization at any time, in writing, except to the extent we have already taken action in reliance on it.

Florida Law – Marketing Prohibition and Redisclosure Restrictions (§ 456.057, F.S.)

Under Florida law, absent a specific written release or authorization permitting utilization of patient information for solicitation or marketing the sale of goods or services, any use of that information for those purposes is expressly prohibited. A general authorization for the release of medical information is not sufficient for marketing purposes.

Additionally, any third party to whom your information is disclosed is prohibited from further disclosing any information in your medical record without your expressed written consent (§ 456.057(11), F.S.).

Situations Where You Have the Right to Object or Opt Out

  • Family, Friends, and Others Involved in Your Care. Unless you object, we may share relevant PHI with a family member, other relative, close personal friend, or any person you identify who is involved in your care or payment for your care.
  • Disaster Relief. We may disclose your PHI to an authorized public or private entity to assist in disaster relief efforts.

Fundraising

We may use or disclose limited information about you to contact you regarding fundraising. You have the right to opt out of receiving fundraising communications at any time by contacting our Privacy Officer. Part 2-specific requirement under (b)(1)(iii)(E), before any fundraising patients are given a clear, conspicuous opt-out opportunity before any SUD records are used for fundraising.

III. Your Rights Regarding Your Health Information

You have the following rights with respect to your PHI under both federal and Florida law. All requests to exercise these rights must be submitted in writing to our Privacy Officer, unless otherwise noted.

Right to Inspect and Copy

You have the right to inspect and obtain a copy of your PHI contained in a designated record set, including medical and billing records. To request access, submit your request in writing to our Privacy Officer. We will act on your request no later than 30 calendar days after we receive it. If we need additional time, we may extend this period by up to 30 additional calendar days, provided we give you a written explanation of the reason for the delay and the date by which we will complete our action. You may request your records in the form and format you prefer (including electronic format), and we will provide them in that form and format if readily producible.

HIPAA Right of Access – Fee Limitations (45 CFR § 164.524; OCR Guidance)

When you request a copy of your own records under HIPAA’s Right of Access, we may charge only a reasonable, cost-based fee. This fee may include only: (1) labor costs for copying (but not for searching for or retrieving your records); (2) the cost of supplies (such as paper, CDs, or USB drives); and (3) postage, if you request that copies be mailed. We will provide you with a fee estimate in advance of fulfilling your request.

Electronic copies: If your records are maintained electronically and you request an electronic copy, we may charge a flat fee not to exceed $6.50 (inclusive of all labor, supplies, and applicable postage), or we may calculate our actual or average labor costs. Per-page fees are not permitted for electronic copies of records maintained electronically.

Paper copies: If your records are maintained in paper form and you request a paper copy, we may charge a reasonable per-page fee based on our actual or average labor costs for copying, plus supplies and postage.

These HIPAA fee limitations apply to your requests for your own records and preempt any higher fees that might otherwise be permitted under state law. You may not be denied access to your records due to inability to pay.

Florida Law – Practitioner Copy Fee Maximums for Third-Party Requests (§ 456.057, F.S.)

When records are requested by a third party (such as an attorney, insurance company, or other entity acting under a valid authorization or subpoena), Florida law caps copy charges at $1.00 per page for the first 25 pages, and $0.25 per page for each additional page, plus the actual cost of postage (§ 456.057(7)(a), F.S.). These Florida statutory maximums apply to third-party requests and do not override the stricter HIPAA fee rules that apply to your personal Right of Access requests.

We may deny your request in certain limited circumstances; if we do, you will be notified of the reason and your right to have the denial reviewed.

Right to Amend

If you feel that PHI we maintain about you is incorrect or incomplete, you may ask us to amend it. Your request must be in writing, must be directed to the Privacy Officer, and must state a reason for the amendment. We may deny your request if the information was not created by us, is not part of the designated record set, is not available for inspection, or is accurate and complete.

Right to an Accounting of Disclosures

You have the right to request a list (an “accounting”) of certain disclosures we have made of your PHI. For SUD records maintained in an electronic health record, you have the right to an accounting of disclosures for the past three (3) years, including disclosures for treatment, payment, and health care operations. For all other PHI, the accounting covers six (6) years prior to the date of your request (excluding disclosures for TPO, disclosures to you, and certain other categories). We will provide the first accounting in any twelve-month period free of charge; subsequent requests may be subject to a reasonable, cost-based fee.

Florida Law – Mandatory Disclosure Log (§ 456.057(11), F.S.)

Under Florida law, records owners are responsible for maintaining a record of all disclosures of information contained in the medical record to a third party, including the purpose of each disclosure request. This disclosure record may be maintained in the medical record. This Florida requirement provides additional protection beyond the HIPAA accounting of disclosures.

Right to Request Restrictions

You have the right to request a restriction on the PHI we use or disclose about you for treatment, payment, or health care operations. You may also request a limit on the PHI we disclose about you to someone involved in your care. We are not required to agree to your request except in one circumstance: If you pay for a service or item out-of-pocket in full, you may request that we not disclose information about that service to your health plan, and we are required to honor that restriction. This right also applies to your SUD records.

Right to Request Confidential Communications

You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you may ask that we contact you only at work or by mail. Your request must be in writing and must specify how or where you wish to be contacted. We will accommodate all reasonable requests.

Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this Notice upon request, even if you have agreed to receive the Notice electronically.

Right to Choose Someone to Act for You

If you have given someone medical power of attorney, designated a health care surrogate under Florida law (§ 765.101, F.S.), or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will verify that the person has this authority before we take any action.

Right to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us, with the U.S. Department of Health and Human Services Office for Civil Rights, or with the Florida Department of Health. You will not be penalized or retaliated against for filing a complaint.

  • To file a complaint with us, contact the Privacy Officer at [Phone] or write to: Privacy Officer, [Practice Name], [Address], [City], FL [ZIP].
  • To file a complaint with HHS OCR, visit www.hhs.gov/ocr/privacy/hipaa/complaints or call 1-877-696-6775.
  • To file a complaint with the Florida Department of Health, call (850) 245-4444 or visit www.floridahealth.gov. You may also file a complaint with the applicable professional licensing board.

Right to a List of Intermediary Disclosures

If your SUD records have been disclosed to an intermediary, you have the right to request a list of disclosures made by that intermediary for the past three (3) years, as provided under 42 CFR § 2.24.

IV. Additional Protections Under Florida Law

In addition to the federal protections described above, Florida law provides the following important protections for your health care information:

A. Florida Constitutional Right to Privacy

Article I, Section 23 of the Florida Constitution guarantees that every natural person has the right to be let alone and free from governmental intrusion into the person’s private life. The Florida Supreme Court has recognized that this right extends to the confidentiality of medical records. The privacy of your health care information is a constitutionally protected right in Florida, and we take this obligation seriously.

B. Medical Records Ownership and Custody (§ 456.057, F.S.)

Florida Law – Records Ownership

Under Florida law, records owners must develop and implement policies, standards, and procedures to protect the confidentiality and security of medical records, and employees must be trained in these policies (§ 456.057(10), F.S.). A health care practitioner who generates a medical record is the owner of that record. If a practitioner is employed by a health care facility or other provider, the facility or provider that employs the practitioner is the records owner.

If our practice is terminating operations, retiring, or relocating and will no longer be available to patients, Florida law (§ 456.057(12), F.S.) requires us to place an advertisement in the local newspaper or notify patients in writing and offer patients the opportunity to obtain their records or have them transferred to another provider.

C. Baker Act – Mental Health Records (§ 394.4615, F.S.)

If you receive mental health services that fall under Florida’s Baker Act (Florida Mental Health Act, Chapter 394, F.S.), your clinical records receive special protections:

  • Confidential and Exempt. Your clinical records maintained under the Baker Act are confidential and exempt from Florida’s public records law. The confidential status of these records is not lost by either authorized or unauthorized disclosure.
  • Express and Informed Consent Required. Unless waived by your express and informed consent (or that of your guardian, guardian advocate, or personal representative), your Baker Act clinical records may only be disclosed in limited circumstances provided by law.
  • Patient Access. You have reasonable access to your clinical records, unless such access is determined by your physician or psychiatric nurse to be harmful to you.
  • Next of Kin Information. Florida law permits a parent or next of kin of a person receiving mental health treatment to request and receive a summary of the person’s treatment plan and current physical and mental condition.
  •  

Your Baker Act clinical records may be released in the following circumstances:

  • You or your guardian or legal custodian authorize the release
  • You are represented by counsel and the records are needed for adequate representation
  • A court orders release after weighing the need for disclosure against the potential harm to you
  • You are committed to or returned to the Department of Corrections, upon DOC request
  • For determining whether you meet criteria for involuntary services or for preparing a proposed services plan

Any person, agency, or entity receiving information from your Baker Act clinical records must maintain that information as confidential.

D. Marchman Act – Substance Abuse Records (§ 397.501, F.S.)

If you receive services under the Marchman Act, your records are protected by both federal 42 CFR Part 2 and Florida’s Marchman Act confidentiality provisions, as described in Section I of this Notice. Key Florida-specific protections include:

  • Right to Individual Dignity. Your dignity must be respected at all times, and you may not be deprived of any constitutional right.
  • Right to Confidentiality. Your records are confidential and exempt from public records disclosure. Court proceedings under the Marchman Act are also confidential.
  • Court Order Requirements. A court order authorizing disclosure is a unique type of order that only authorizes, but does not compel, disclosure. A separate subpoena must be issued to compel production. Applications for such orders must use fictitious names and may not contain or disclose your identity.

E. HIV/AIDS Test Confidentiality (§ 381.004, F.S.)

Florida Law – HIV Test Confidentiality

Under Florida’s Omnibus AIDS Act and § 381.004, F.S., your HIV test results are afforded heightened (“superconfidential”) protection beyond standard medical record confidentiality. Informed consent must be obtained before an HIV test is performed, and you have the right to confidential treatment of information identifying you as the test subject and the test results. In a health care setting, you must be notified that the test is planned and that you have the right to decline.

Disclosure of HIV test results without authorization is prohibited except in limited circumstances, including: medical emergencies, as required for blood/organ/tissue donation safety, to the Department of Health for public health reporting, to health care personnel involved in your care, and as otherwise provided by law. Unauthorized disclosure of HIV test results may result in civil liability and constitutes a criminal violation under Florida law.

F. Sexually Transmitted Disease Records (§ 384.29, F.S.)

Under Florida law, all information and records held relating to known or suspected cases of sexually transmissible diseases are confidential. This information may not be released or made public except as specifically authorized by statute or as needed for public health purposes. Violation of STD confidentiality provisions may result in fines of up to $500 per offense imposed by the Florida Department of Health.

G. Minors’ Consent and Confidentiality

Florida law provides important protections for minors seeking certain types of health care:

  • Mental Health Services (§ 394.4784, F.S.). A minor age 13 or older experiencing an emotional crisis may request, consent to, and receive outpatient diagnostic and evaluative mental health services and outpatient crisis intervention, psychotherapy, group therapy, counseling, or other forms of verbal therapy without parental consent. These services are limited and do not include medication or somatic methods, and are limited to two visits per week.
  • STD Treatment (§ 384.30, F.S.). The fact of consultation, examination, and treatment of a minor for sexually transmitted diseases is confidential and may not be disclosed to the minor’s parent or guardian without the minor’s consent.
  • Substance Abuse Services (§ 397.501, F.S.). When a minor alone consents to substance use services, disclosure of identifying information to a parent or guardian for purposes of obtaining financial reimbursement requires the minor’s written consent.

H. Penalties for Privacy Violations Under Florida Law

Florida law provides significant penalties for violations of medical record confidentiality:

  • Civil Penalties. Violations of the Florida Information Protection Act (§ 501.171, F.S.) may result in civil penalties of up to $500,000 per breach. Violations are also treated as unfair or deceptive trade practices under the Florida Deceptive and Unfair Trade Practices Act.
  • Disciplinary Action. Practitioners who violate medical record confidentiality requirements may be subject to disciplinary proceedings before the Florida Department of Health and the applicable professional licensing board, which may impose sanctions including fines, probation, suspension, or revocation of licensure.
  • HIV Disclosure Violations. Unauthorized disclosure of HIV test results constitutes a criminal violation under Florida law and may result in civil liability.
  • STD Disclosure Violations. Violations of STD confidentiality requirements may result in fines of up to $500 per offense.

V. Our Responsibilities

We are required by law to:

  • Maintain the privacy of your PHI, SUD records, mental health records, HIV test results, and STD records.
  • Provide you with this Notice of our legal duties and privacy practices.
  • Abide by the terms of the Notice currently in effect.
  • Notify you following a breach of your unsecured PHI or SUD records, as required by federal and Florida law.
  • Comply with both federal and Florida confidentiality requirements, applying the stricter standard where they differ.
  • Develop and implement policies, standards, and procedures to protect the confidentiality and security of medical records, and train our employees in these policies (§ 456.057(10), F.S.).
  • Maintain a record of all disclosures of medical record information to third parties, including the purpose of each disclosure (§ 456.057(11), F.S.).

We reserve the right to change the terms of this Notice and to make the new provisions effective for all PHI and SUD records that we maintain. If we make a material change, we will make the revised Notice available upon request, post it in our offices and on our website, and provide a copy to you at your next visit or upon request.

We will not use or disclose your PHI or SUD records without your written authorization or consent, except as described in this Notice or as otherwise permitted or required by law.

VI. SUD Records Received from Other Part 2 Programs

We may receive or maintain information about you from substance use disorder treatment programs covered by 42 CFR Part 2 (“Part 2 Programs”). If we receive your SUD records through a general consent for TPO purposes, we may use and disclose those records for treatment, payment, and health care operations as described in this Notice. If we receive your SUD records through a specific consent, we will use and disclose those records only as expressly permitted by your consent.

In all cases, 42 CFR Part 2 prohibits unauthorized use or disclosure of these records. Your SUD treatment records may not be used to investigate or prosecute you, and special protections against use in legal proceedings continue to apply.

VII. Breach Notification

In the event of a breach of your unsecured PHI or unsecured SUD records, we are required to notify you as required by federal law (the HIPAA Breach Notification Rule and 42 CFR Part 2). Notification will be made without unreasonable delay and no later than 60 days after discovery of the breach, unless law enforcement requests a delay.

Florida Law – Florida Information Protection Act (§ 501.171, F.S.)

In addition to HIPAA, the Florida Information Protection Act (FIPA) requires notification of affected Florida residents no later than 30 days after determining that a breach has occurred (which is stricter than HIPAA’s 60-day requirement). FIPA’s definition of “personal information” includes medical history, mental or physical condition, medical treatment or diagnosis, health insurance policy numbers, and (as of July 1, 2024) biometric information and geolocation data.

If a breach affects 500 or more Florida residents, we are also required to notify the Florida Department of Legal Affairs (Attorney General) within 30 days. If a breach affects more than 1,000 residents, we must also notify nationwide consumer reporting agencies. 

VIII. Contact Information

If you have questions about this Notice, wish to exercise any of your rights, or want to file a complaint, please contact:

Privacy Officer

[CLIENTNAME]

[Address]

[City], FL [ZIP]

Phone: [Phone Number]

You may also file a complaint with:

U.S. Department of Health and Human Services

Office for Civil Rights

200 Independence Avenue, S.W.

Washington, D.C. 20201

Phone: 1-877-696-6775

www.hhs.gov/ocr/privacy/hipaa/complaints

Florida Department of Health

4052 Bald Cypress Way

Tallahassee, FL 32399

Phone: (850) 245-4444

www.floridahealth.gov

Florida Attorney General – Department of Legal Affairs

The Capitol, PL-01

Tallahassee, FL 32399-1050

Phone: (866) 966-7226

www.myfloridalegal.com

IX. Services Covered by This Notice

This Notice applies to all services provided by [Practice Name], including but not limited to:

  • Primary Care / Family Medicine / Internal Medicine
  • Behavioral Health and Mental Health Services
  • Substance Use Disorder Treatment (Part 2 Program)
  • Specialty Care Services
  • Laboratory and Diagnostic Services (if applicable)
  • Telehealth and Telemedicine Services
  • All other clinical services provided by practitioners at this practice

 

ACKNOWLEDGMENT OF RECEIPT

I acknowledge that I have received a copy of the Notice of Privacy Practices of [CLIENTNAME].

 

Patient Name (Print): _______________________________________________

Signature: ________________________________  Date: __________________

If signed by personal representative:

Representative Name: _______________________________________________

Relationship to Patient: ____________________________________________